Can I still use fail2ban while using Cloudflare article

#1

When you restore original visitor IP it bans that ip in fail2ban, not any cloudflare ip. (That is perfect)

The issue is that even though you ban the original ip, traffic from the original visitor ip over records that are orange clouded will be able to continue attacks unmitigated. Only if you have traffic over grey clouded records will it stop the original ip from continuing the attack unmitigated.

The only solution I have found is using the Cloudflare API to add banned IP addresses to Cloudflare.

This is not a real viable option as a site that has been under heavy attack can have over the limit of ip addresses listed.

Is there something missing in the Can I still use fail2ban while using Cloudflare article?
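The API workaround mentioned above, written out as an added example that is not from this thread and not fail2ban's own action.d/cloudflare.conf: a small script that fail2ban's actionban can invoke with the banned address, which creates a blocking IP Access Rule at the Cloudflare edge so orange-clouded traffic is stopped before it reaches the origin. It assumes the zone-level access-rules endpoint with an API token, and takes the zone id and token from environment variables (names are the example's own choice).

```python
"""Ban a visitor IP at the Cloudflare edge from a fail2ban action (added example)."""
import ipaddress
import json
import os
import sys
import urllib.request

API_BASE = "https://api.cloudflare.com/client/v4"


def build_ban_request(ip, zone_id, token, note="fail2ban"):
    """Return (url, headers, body) for an IP Access Rule that blocks `ip`.

    Raises ValueError for anything that is not a plain IP address, so a
    malformed value handed over by a jail never reaches the API.
    """
    addr = ipaddress.ip_address(ip)
    url = f"{API_BASE}/zones/{zone_id}/firewall/access_rules/rules"
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    body = {
        "mode": "block",
        # Cloudflare distinguishes single IPv4 ("ip") and IPv6 ("ip6") targets
        "configuration": {"target": "ip" if addr.version == 4 else "ip6",
                          "value": str(addr)},
        "notes": note,
    }
    return url, headers, body


def ban_at_edge(ip, zone_id, token):
    """POST the rule and return the rule id, which an unban action can later DELETE."""
    url, headers, body = build_ban_request(ip, zone_id, token)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        result = json.load(resp)
    if not result.get("success"):
        raise RuntimeError(f"Cloudflare API error: {result.get('errors')}")
    return result["result"]["id"]


if __name__ == "__main__":
    # jail.local: actionban = /usr/local/bin/cf_ban.py <ip>
    # CF_ZONE_ID / CF_API_TOKEN are assumed environment variable names (example's own)
    print(ban_at_edge(sys.argv[1], os.environ["CF_ZONE_ID"], os.environ["CF_API_TOKEN"]))
```

Keep the returned rule id and remove the rule on unban, otherwise the account's access-rule limit that post #1 mentions fills up with stale entries.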

#2

I am afraid I fail to understand what you are trying to say here.

If you manage to block an IP - as you said - the IP will be (obviously) blocked, and that regardless of whether it goes through Cloudflare or not. What am I missing here?

#3

Sorry, I hope this clears it up!

I can block an ip of a visitor on the server while using Cloudflare, but even though that ip is blocked that user still accesses the site.

Now if I am not using Cloudflare and that same visitor is blocked then they can’t access the site.

I restored the original visitor ip for cloudflare traffic, and even though the original ip is restored they are not blocked.

#4

In that case either your IP rewriting or the mechanism to block it doesn't work. Once the IP gets rewritten it looks identical to the server as if the request came in directly.

The only possible explanation could be that you call fail2ban before you rewrite the address. In that case switch the order of these two calls/plugins, so that fail2ban takes the actual client address.
